MongoDB user role authorization

dbAdmin includes the following permissions in the db scope:

collStats
dbHash
dbStats
find
killCursors
listIndexes
listCollections
dropCollection and createCollection on system.profile only
userAdmin includes the following permissions in the db scope:

changeCustomData
changePassword
createRole
createUser
dropRole
dropUser
grantRole
revokeRole
viewRole
viewUser
readAnyDatabase collection is readable and contains listDatabases permission

readWriteAnyDatabase is readable and writable for collection in all databases and contains listDatabases permission

userAdminAnyDatabase has userAdmin role for all databases and contains listDatabases permission

dbAdminAnyDatabase has the dbAdmin role for all databases, and also includes the listDatabases permissions

cluster-related permissions clusterMonitor, hostManager, clusterManager, clusterAdmin



root permissions: including readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase and clusterAdmin and other roles. But can not access the collection at the beginning of system.(root does not include any access to collections that begin with the system. prefix.)

__system: super role permissions



Related official documents:


http://docs.mongodb.org/manual/reference/built -in-roles/#__system

http://www.tuicool.com/articles/fMZbUzu
------------------------------ -------------------------------------



Example:
use webdb
db.createUser( 
  { 
    user: "user ", 
    pwd: "123", 
    roles: [{ "role" : "root","db" : "admin"},"readWrite"] 
  } 
)

Create a user user on the webdb database, with root permissions on the admin database, and

writable permission